[Ed Note: This post is the first in a series of posts by members of TLF who attended the Facebook Design Jam in Hyderabad on 10 July 2019. It has been authored by Namratha Murugeshan, a final year student at NALSAR University of Law and member of TLF.]
Members of TLF’s Organizing Committee were invited to attend Facebook’s Data Awareness Design Jam on the 10th of July 2019. A Design Jam is an event that provides a platform for start-ups and designers to pitch and improve their products. They are typically very interactive and informative sessions that help the participants gain new perspectives about their products and learn more about compliance with law and policy. Likewise, Facebook’s event too was an excellent opportunity for us to interact with start-ups, professionals, policymakers, designers and surprisingly, quite a few lawyers too. A key takeaway for the TLF members present at the event was gaining knowledge about the consumer perspectives surrounding data protection in India. A panel discussion on the same topic was organized at the Jam. The speakers included Smriti Parsheera from NIPFP (National Institute of Public Finance and Policy), Shagufta Gupta from CUTS (Consumer Unity & Trust Society) and Prerak Mehta from Dalberg Global Development Advisors. This post is a brief on the panel discussion.
The focus of the panel discussion was on value creation for companies through increasing compliance with the transparency norm. The speeches, while ranging in perspective, centered on the idea of how compliance with law and increasing transparency aids in increasing the reputation of start-ups and companies. This comes as a particularly interesting insight, given that data protection in the eyes of the law has largely come to be viewed as the foundation upon which creative technologies need to be built. However, from the perspective of the creator, compliance with the law seems to be more of a last-minute adjustment. Compliance comes in the form of creating a product based on the needs of possible users and then learning about law and policy to tweak the product.
The panel largely focused on how consumer products such as apps and databases could be made better by creators improving their user interface for privacy aspects of the product. One of the ways in which the same could be done, it was suggested, was through the removal of blanket consent clauses. It was explained how blanket consent is a tool used by apps to access even that data of a user which is not necessary for the functioning of the app. Thereby, taking away the agency from a consumer. Adding to the same, it was suggested that the idea of purpose limitation where specific permissions need to be taken based on the use of the information should be adopted. Further, there should be a clear mention of why the data is being collected from the user. Speaking based on the surveys conducted by CUTS on data protection, the audience was informed about the direct correlation between awareness and consumer satisfaction. Transparency helps with increasing the customer’s ease of use of a product and therefore it is productive for creators to adhere to the same.
Moving on from there, the next issue in contention was the readability of privacy policies. Length, language and the excessive use of legalese were determined to be the factors that prevent users from understanding or even reading privacy policies. These policies, it was noted, tend to be inscrutable. Further, from the point of view of the user, there is a lack of knowledge about the enforceability of privacy policies. Based on the data collected by NIPFP through surveys, we were made aware that users do not know who or how privacy policies are enforced or if they are enforced at all. As suggestions to the start-ups present, the panelists focused on the readability of these policies. An approach towards the same would be to ensure that policies are short and simple. Further, having interactive features to ensure that different users are able to find answers to their queries about the policy easily adds value to the product. Features like videos explaining privacy policies, larger font size etc. would aid in incorporating privacy by design, which in turn would automatically build trust.
The main takeaway from the panel discussion was its elaboration on how product-makers tend to think of privacy and what aspects they focus on. It was a significant change from the perspective of the law where compliance is the rule. For product-makers, however, we learnt that a product’s usability and success is positively the motivation pushing them towards innovation. The panel discussion was an excellent platform where these two seemingly divergent views were synthesized to promote the idea of privacy by design.